<?php
if (!defined('BASEPATH')) exit('No direct script access allowed');
 
class Zacl
{
    function __construct()
    {
        //session_start();
        //Append Zend's folder in PHP's include path
        set_include_path(get_include_path() . PATH_SEPARATOR . APPPATH . "ext_libraries");
 		
        //Load the Acl class
        require_once 'Zend/Acl.php';
        require_once 'Zend/Acl/Role.php';
        require_once 'Zend/Acl/Resource.php';
        
 		$this->CI =& get_instance();
 		$this->acl = $this->CI->cache->get('_acl_');
        if (!$this->acl){
	        //Create a new Acl object
	        $this->acl = new Zend_Acl();
	        
	    	//Load role registry
	        
	        $this->db_payment = $this->CI->load->database(DB_PAYMENT, TRUE);
	        $query = $this->db_payment->get('admin_acl_roles');        
	        foreach($query->result() as $role) {
	        	$roleId = $role->name;	
	        	$this->acl->addRole(new Zend_Acl_Role($roleId));
	        }        
	        //Load resources
	        $query = $this->db_payment->get('admin_acl_resources');
	        foreach($query->result() as $resource) {
	        	$this->acl->add(new Zend_Acl_Resource($resource->name));
	        }
	        
	        //Load rules
	        $query = $this->db_payment->get('admin_acl_permissions');
	    	foreach($query->result() as $permission) {
	        	if ($permission->allow == 0){
	        		if ($permission->privilege)
	        			$this->acl->deny($permission->role, $permission->resource, $permission->privilege);
	        		else
	        			$this->acl->deny($permission->role, $permission->resource);
	        	} else {
	        		if ($permission->privilege)
	        			$this->acl->allow($permission->role, $permission->resource, $permission->privilege);
	        		else
	        			$this->acl->allow($permission->role, $permission->resource);	
	        	}
	        }    

	        $this->CI->cache->set('_acl_', $this->acl);
        }   
    }
 
    function check_acl($role, $resource, $privilege)
    {
    	// Get user role
    	/*$user_id = $this->CI->session->userdata('user_id');
    	if ($user_id > 0){
    		$this->db_payment = $this->CI->load->database(DB_PAYMENT, TRUE);
	    	$query = $this->db_payment->get_where('users', array('id' => $user_id), 1);
	    	$role = $query->row()->role;
	    } else {
    		$role = new Zend_Acl_Role('guest');	
    	}*/
    	if (!$role){
    		$role = new Zend_Acl_Role('guest');
    	}
    	if (!$this->acl->has($resource))
        {
        	return 1;
        }
        $isAllow = $this->acl->isAllowed($role, $resource, $privilege);
        if ($this->acl->isAllowed($role, $resource, $privilege)){
        	return TRUE;
        }else {
        	$parentRole = $this->getParentRole($role);
        	if ($parentRole){
        		return $this->check_acl($parentRole, $resource, $privilege);
        	} else {
        		return FALSE;
        	}
        }
 
       	//return $this->acl->isAllowed($role, $resource, $privilege);
    }
    
    private function getParentRole($role) {
    	$this->db_payment = $this->CI->load->database(DB_PAYMENT, TRUE);
    	$query = $this->db_payment->get_where('admin_acl_roles', array('name' => $role->getRoleId()));
    	if (!$query->row() || !$query->row()->parent_id)
    		return false;
    	else {
    		return new Zend_Acl_Role($query->row()->parent_id);	
    	}	
    }
}
?>